Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

• According to the Florida Independent, federal authorities said a Pinellas County, Florida businessman for years dealt in counterfeit computer chips that went to defense contractors and the military, risking lives and endangering national security. (See item 11)

11. September 24, Florida Independent – (Florida; National) Defense contractor confirms indicted Florida businessman sold counterfeit computer chips. Federal authorities said a Pinellas County, Florida businessman for years dealt in counterfeit computer chips, risking the lives of military personnel and potentially endangering national security. Authorities said his dealings in counterfeit “military grade” integrated circuits, or ICs, made him rich, but one alleged victim — a major defense contractor specializing in missile technology — said the company purchased chips that turned out to be fake from a supplier, who bought them from the businessman. “We quickly determined upon failure-testing they were counterfeit and contacted the FBI,” said a spokesman for Raytheon, a major defense and aerospace systems supplier. The week of September 13, federal authorities descended on the businessman’s Clearwater electronics dealership, VisionTech Components, after a Washington D.C. grand jury came back with indictments for him and his office manager accusing them of mail fraud and trafficking in counterfeit goods. U.S. Attorney’s Office officials said his company made 31 separate sales of 59,540 counterfeit integrated circuits imported from China and Hong Kong for $425,293 to various companies, including ones with contracts with the U.S. Navy. Source: http://floridaindependent.com/8706/defense-contractor-confirms-indicted-florida-businessman-sold-counterfeit-computer-chips

• Associated Press reports that European security officials said September 29 a terror plot to wage Mumbai-style shooting sprees in Britain, France, and Germany is still active. The plot was in its early stages and not considered serious enough to raise the current terror threat level, officials said. Still, the Eiffel Tower in Paris was briefly evacuated September 28 for the second time in the past week because of an unspecified threat. (See item 44)

44. September 29, Associated Press – (International) Europe terror threat still active. European security officials said September 29 a terror plot to wage Mumbai, India-style shooting sprees in Britain, France, and Germany is still active and that sites in Pakistan — where the threat was intercepted 2 weeks ago — are being scoured for al-Qaeda operatives. The plot was still in its early stages and not considered serious enough to raise the current terror threat level, officials said. Still, the Eiffel Tower in Paris, France was briefly evacuated September 28 for the second time in the past week because of an unspecified threat, and police were on alert in Britain and France. “This plot was in its embryonic stages,” a British government official told the Associated Press September 29. “This one has preoccupied us more than others in the past few weeks — and it is still active — but it has not raised enough alarms to change our security threat level.” The announcement of the plot came ahead of the September 30 anniversary of the Prophet Muhammad cartoons being published in a Danish newspaper. It also came as Spanish authorities announced they had arrested September 28 a U.S. citizen of Algerian origin on suspicion of financing al-Qaeda’s North African affiliate. Source: http://www.google.com/hostednews/ap/article/ALeqM5glNGJLYipcY1gxBiWju9qrOz4ZbwD9IHKES80?docId=D9IHKES80

Details

Banking and Finance Sector

12. September 29, BBC News – (International) European cities hit by anti-austerity protests. Tens of thousands of people from around Europe have marched across Brussels, Belgium in a protest against spending cuts by some EU governments. Spain has held a general strike, with protesters in Barcelona clashing with police and torching a police car. Other protests against austerity measures have been held in Greece, Italy, the Irish Republic, and Latvia. Trade unions said EU workers may become the biggest victims of a financial crisis set off by bankers and traders. Police sealed off the EU headquarters and barricaded banks and shops ahead of the protest in Brussels. Tens of thousands of demonstrators, many carrying large red and green balloons and banners, headed towards EU institution buildings in the Belgian capital. In the Irish Republic, a man drove a cement mixer covered with anti-bank slogans into the gates of the parliament in Dublin, in an apparent protest at the country’s expensive bank bail-out. Source: http://www.bbc.co.uk/news/world-europe-11432579

13. September 29, Wall Street Journal – (International) U.K. arrests 19 for major bank hack. Police arrested 19 people in London as part of an investigation into an international cybercrime gang that authorities believe stole at least $9.5 million from accounts held at major U.K. banks, including HSBC Holdings PLC and Royal Bank of Scotland Group PLC. In dawn raids September 28, officers arrested the 15 men and 4 women on suspicion of computer-related crimes, according to London’s Metropolitan police service, known as Scotland Yard. A police spokesman said they are not believed to be British citizens, but declined to specify their nationalities. Police suspect the group of having targeted thousands of computers belonging to U.K. banking customers by infecting them with a computer code called Zeus, which has become widely used by criminals world-wide. The code allowed the fraudsters to capture personal log-in details by enabling them to trick people who bank online into entering their details into fake Web pages that mimic those of their banks. Police believe the group then used the information to gain unauthorized access to the bank accounts and transfer funds to “mule” or “drop” accounts controlled by the criminal network. Source: http://online.wsj.com/article/SB10001424052748704116004575521300419639946.html

14. September 27, Digital Transactions News – (National) Debit card fraud strikes Aldi grocery-store customers. A rash of debit card fraud has hit customers of the discount supermarket chain Aldi. Criminals obtained customers’ PINs and card numbers in the Midwest to make unauthorized ATM withdrawals in other states, especially California. Batavia, Illinois-based Aldi’s case is different from most retail card fraud because the chain, owned by Germany-based Aldi Sud, accepts only cash and PIN-debit cards, including public-benefits cards, though it has tested credit cards. Aldi said the fraud is the result of “tampering” with debit card terminals. That suggests fraudsters placed skimmers on point-of-sale terminals to capture card data, though the company refuses to provide details. Last weekend, more press reports emerged about fraud involving Aldi shoppers in the Chicago suburb of St. Charles and in Kane County, Illinois. The U.S. Secret Service is involved in the probe, according to the Daily Herald. Source: http://www.digitaltransactions.net/newsstory.cfm?newsid=2650

15. September 27, Reuters – (National) U.S. Mint says has run out on Buffalo gold coins. The U.S. Mint has run out of a type of highly pure gold coin it had been selling amid record high prices of gold. The mint said it will not stock more of the 1-ounce, 24-karat American Buffalo bullion coins. “The United States Mint has depleted its inventory of 2010 American Buffalo One Ounce Gold Bullion Coins,” the Mint said in a statement, seen by Reuters September 27. Gold prices have hit record highs over the last 2 weeks, breaching $1,300 per ounce, as investors bought into the precious metal on global economic health worries and possibilities of more U.S. stimulus programs that could weaken the U.S. dollar. Source: http://www.reuters.com/article/idUSTRE68Q5QA20100927

Information Technology

36. September 29, Network World – (International) Many Android apps leak user privacy data. A recent test of prototype security code for Android phones found that 15 of 30 free Android Market applications sent users’ private information to remote advertising servers, without the users being aware of what was being sent or to whom. In some cases, the user’s location data was sent as often as every 30 seconds. The software, called TaintDroid, was designed to uncover how user-permitted applications actually access and use private or sensitive data, including location, phone numbers, and even SIM card identifiers, and to notify users within seconds. The findings suggest that Android, and other phone operating systems, need to do more to monitor what third-party applications are doing under the covers of smartphones. TaintDroid is a joint effort by researchers at Duke University, Intel Labs, and Penn State University. The team’s paper, “TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones” will be presented in October at the USENIX Symposium on Operating Systems Design and Implementation. Source: http://www.networkworld.com/news/2010/092910-android-privacy.html

37. September 28, The Register – (International) Researchers up evilness ante with GPU-assisted malware. Computer scientists have developed proof-of-concept malware that evades traditional security defenses by running on a PC’s graphics processor. The prototype taps a PC’s GPU to decrypt, or “unpack,” a malicious payload from a file just prior to being run on a targeted machine. “Implementing the self-unpacking functionality of a malware binary using GPU code can pose significant obstacles to current malware detection and analysis systems,” the scientists wrote in a research paper scheduled to be presented next month at the IEEE’s International Conference on Malicious and Unwanted Software. “A malware author can take advantage of the computational power of modern graphics processors and pack the malware with extremely complex encryption schemes that ... can be efficiently computed due to the massively parallel architecture of GPUs.” The prototype was designed to run on GPUs compatible with Nvidia’s Compute Unified Device Architecture. It would not be hard for attackers to include another framework in the same malicious binary that supports GPUs made by AMD. The paper was written by scientists from The Foundation for Research and Technology in Greece, and Columbia University. Source: http://www.theregister.co.uk/2010/09/28/gpu_assisted_malware/

38. September 28, DarkReading – (International) You’re always just two clicks away from malware. A new study has found that users visiting the top 1,000 Web sites are typically no more than two clicks away from malicious content. Websense discovered three main paths to malware: Aside from the top Web sites, there are poisoned search results and malicious links. Among the top 1,000 sites typically at least two mouse clicks away from malware are 72 percent of the top news and media sites; 71 percent of the top message boards and forums; and more than half of all social networking sites, according to the study. “This suggests a high degree of correlation between the most highly visited websites and malware,” said the senior security research director for Websense. Source: http://www.darkreading.com/insiderthreat/security/client/showArticle.jhtml?articleID=227500863&subSection=End+user/client+security

39. September 27, Softpedia – (International) XSS worm hits Orkut. A cross-site scripting vulnerability was exploited September 25 on Orkut to launch a fast-spreading worm that auto-posted a rogue message reading “Bom Sabado” on people’s scrapbooks. “Bom Sabado” means “Good Saturday” in Portuguese, which led some people to assume that the worm originated in Brazil, where Orkut has a significantly large user base. The messages, which had rogue JavaScript code embedded into them, forced logged-in users to repost them on their friends’ scrapbooks (the equivalent of “Walls” on Facebook). The attack was extremely viral and affected almost 10 percent of all Orkut users, 70 percent of whom are from India or Brazil. The social network has over 52 million users. Google fixed the underlying vulnerability in a matter of hours. According to some reports, the worm also automatically subscribed victims to a group. However, News Live quotes a Google spokesperson who said the attack was not malicious. Source: http://news.softpedia.com/news/XSS-Worm-Hits-Orkut-158198.shtml

40. September 27, DarkReading – (International) Security is chief inhibitor to Web 2.0 implementation, study finds. About half of businesses are concerned about the security of Web 2.0 applications, according to a survey of more than 1,000 business decision-makers in 17 countries. The survey was commissioned by McAfee and authored by faculty affiliated with the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University. About 60 percent of respondents are also concerned about the loss of reputation that might occur through the misuse of Web 2.0 applications, which include such technologies as social media, microblogging, collaborative platforms, Web mail, and content sharing tools. Brazil, Spain, and India lead in adoption of Web 2.0 technology for business, while adoption was lowest in Canada, Australia, the United States, and the United Kingdom, said the report, which was published September 27. Source: http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=227500804&subSection=Vulnerabilities+and+threats

Communications Sector

41. September 29, Petoskey News-Review – (Michigan) AT&T service disruption due to system upgrade. AT&T Customers around the Petoskey, Michigan, area have been experiencing a disruption in their mobile service since September 27 because of complications with the system upgrade to a 3G network. “There is a tower down in the area because of the change over to the 3G network. Our local engineers have been having trouble with the upgrades, so there are engineers here from down state to help fix the problem,” Petoskey’s AT&T manager said. The disruption will only be temporary, but the changes will provide customers in the area with faster Internet from their mobile phones. Source: http://www.petoskeynews.com/business/pnr-business-att-092910,0,6800842.story

42. September 28, Computerworld – (International) CDW survey: 25% of customers reported network outage in last year. In a business continuity survey of 7,000 CDW customers, 1,794, or about 25 percent, reported experiencing a network disruption of 4 hours or more within the last year. CDW then conducted a second poll of 200 IT decision-maker customers who had experienced significant network outages since July 2009 and found that half said power loss was the top cause of the problem. Hardware failures were cited by 29 percent of the respondents and lost telecommunications were named by 21 percent. CDW polled customers for its Business Continuity Straw Poll, which looks at how businesses dealt with disruptions and the measures they are taking to improve business continuity and disaster recovery capabilities. The survey results also showed: 51 percent experienced problems connecting to their IT network from other locations; 50 percent had problems connecting from inside their business locations; and 46 percent said employees could not access the necessary company resources to do their jobs during an outage. Source: http://www.computerworld.com/s/article/9188418/CDW_survey_25_of_customers_reported_network_outage_in_last_year

43. September 28, WNCN 17 Raleigh – (North Carolina) 3,000 CenturyLink customers lose communication services. A total of 3,000 CenturyLink customers in Wake Forest, North Carolina, were without phone service after a construction crew damaged a fiber optic cable September 28. A spokesperson for CenturyLink said the third party construction crew damaged the cable on Jones Dairy Road, around 10:30 a.m. All communication services, including phone and DSL service, were not operating until service was restored around 2 p.m. The Cumberland County Mental Health Center and the Child Support Department in Fayetteville are also experiencing an outage with CenturyLink services. Source: http://wake.mync.com/site/wake/news/story/55668/3000-centurylink-customers-lose-communication-services

• Seven people were injured when the West Seattle Water Taxi impacted the seawall in Seattle, Washington September 26. (See item 24)

24. September 26, West Seattle Herald – (Washington) Water taxi impacts seawall; Several injured. The West Seattle Water Taxi impacted the seawall in Seattle, Washington September 26 at about 11:30 a.m., and seven people were injured. The Rachel Marie hit the historic Pier 50 at approximately 7 mph. One person fell in the water and was rescued. Seventy-eight passengers and crew were aboard at the time. Those injured were taken to the waterfront division of the Seattle Fire Department (SPD) or to the hospital. A SPD lieutenant said there was no known cause at this time, but that all possibilities including pilot error would be examined. One crewman on the dock suggested that it was mechanical error. After impact, the packing gland around the propeller failed causing the vessel to take on water. This was dealt with by the crew. At no time was the vessel in danger of sinking. The Rachel Marie was towed out by a tugboat around 2:30 p.m. While a piling was clearly damaged along the seawall and the front of the boat was damaged, it appeared that the windows on the front of the vessel took the brunt of the impact. Two of them were smashed in. The U.S. Coast Guard will take the lead in the investigation. Source: http://www.westseattleherald.com/2010/09/26/news/update-slideshow-water-taxi-impacts-seawall-sever

• A gunman wearing a ski mask and brandishing a rifle entered a library at the University of Texas at Austin September 28 and fired several shots before taking his own life, university officials said. No other injuries were reported. (See item 38)

38. September 28, ABC News – (Texas) Shots fired at University of Texas Austin, cops hunt possible second suspect. A gunman wearing a ski mask and brandishing a rifle entered a library at the University of Texas at Austin September 28 and fired several shots before taking his own life, university officials said. Officials said a suspect brought a semi-automatic gun to the school’s library. Police are still looking for a possible second suspect and the campus, site of an infamous 1966 school shooting, remains on lockdown. “The armed suspect is dead. No other injuries have been reported,” the university president wrote in a campus e-mail. An e-mail and text alert was sent to students and faculty around 8 a.m., just as the day’s first classes were beginning, warning that an “armed subject was reported last seen at Perry Castaneda Library” and telling students to remain in place. Source: http://abcnews.go.com/US/shots-fired-university-texas-austin-cops-hunt-gunman/story?id=11744405

Details

Banking and Finance Sector

13. September 28, Roanoke Times – (Virginia) Blacksburg bank hit again by phishers seeking info. For the third time this year, the National Bank of Blacksburg, Virginia has become the target of a scam that attempts to obtain account information from customers. About 6 p.m. September 25, several people called Blacksburg police to report that they had received text messages from National Bank asking them to respond with bank account and personal identification information, a sergeant said. The texts are part of a phishing scam, he said, attempting to gain personal information through the use of fraudulent messages that appear to come from a legitimate business. Similar scams using National Bank’s name happened in April and May. “As soon as we learned of the scam late on Saturday afternoon, we started working with our security consultants to have the criminals’ telephone number deactivated,” said National Bank’s chairman, president and CEO. Source: http://www.roanoke.com/news/nrv/wb/261935

14. September 27, Network World – (National) 6 tips for guarding against rogue sys admins. The vice president of the fraud program at the BITS Financial Services Roundtable said there has been an increase in insider incidents among U.S. financial services firms. “You have intentional breaches like theft of financial or proprietary information and placement of logic bombs and malware, but you also have the unintentional breaches caused by insiders such as employees accidentally opening an infected file, installing unauthorized software or threats from social media,” the vice president said. “We’ve seen an increase in the intentional and the unintentional” insider-related security breaches. Network World spoke with CISOs and IT security experts about what practical steps IT departments can take to minimize the insider threat. Their advice is: Restrict and monitor users with special privileges; Keep user access and privileges current, particularly during times of job changes or layoffs; Monitor employees found guilty of minor online misconduct; Use software to analyze log files and to alert when anomalies occur; Consider deploying data-loss prevention technology; and educate employees about the insider threat. Source: http://www.computerworld.com/s/article/9188145/6_tips_for_guarding_against_rogue_sys_admins

15. September 25, Wall Street Journal – (National) Credit unions bailed out. Two years after the peak of the financial crisis, the federal government swooped in to stabilize a crucial part of the credit-union sector battered by losses on subprime mortgages. Regulators announced September 24 a rescue and revamping of the nation’s wholesale credit union system, underpinned by a federal guarantee valued at $30 billion or more. The majority of retail credit unions are sound, but they will have to shoulder the losses through special assessments over the next decade. The moves include the seizure of three wholesale credit unions, plus an unusual plan by government officials to manage $50 billion of troubled assets inherited from failed institutions. To help fund the rescue, the National Credit Union Administration plans to issue $30 billion to $35 billion in government-guaranteed bonds, backed by the shaky mortgage-related assets. Source: http://online.wsj.com/article/SB10001424052748703499604575512254063682236.html?mod=WSJ_hpp_LEFTTopStories

16. September 25, azfamily.com – (Arizona) Device detonated at bank near Anthem following robbery. A bomb scare took place outside a bank near Anthem, Arizona September 24. Workers at a Bank of America witnessed a robbery and a bomb scare just before closing at the location on Daisy Mountain and Gavilan Parkway. Police said a man walked into the bank and handed a note to the teller demanding money. The suspect also told the teller there was a bomb outside. Workers immediately called 911, and Maricopa County deputies found a small device left on the front door of the bank when they arrived at the scene. The bomb squad detonated the device. Authorities said they are still not sure what the device was. The suspect remains at large. Source: http://www.azfamily.com/news/local/Bomb-scare-after-robbery-outside-bank-near-Anthem-103768609.html

17. September 24, Memphis Commercial Appeal – (Mississippi; Tennessee) Southaven couple plead guilty to fraud charges. A Southaven, Mississippi couple have pleaded guilty to federal wire and mail fraud charges stemming from a scam involving insurance checks totaling nearly $700,000. They admitted to siphoning money from the woman’s employer, Direct General Insurance Corp. of Memphis, Tennessee by creating fraudulent checks on insurance claims. She was a claims adjuster at Direct General whose job was to issue claims checks for legitimate claims. According to a criminal complaint, she created fraudulent checks on existing insurance claims by adding her name or her husband’s as payees. She also created checks for her husband and for an unspecified number of others in Mississippi who then would give the defendants a percentage of the checks, according to court documents. The fraud, which occurred between December 3, 2004, and March 6, 2009, totaled $678,704.26, court records show. The couple entered guilty pleas the week of September 20. Source: http://www.commercialappeal.com/news/2010/sep/24/southaven-couple-admit-fraud/

18. September 24, Lincoln Journal Star – (Nebraska) Lincoln golf courses, restaurant sources of credit card leaks. Two Lincoln, Nebraska golf courses and a restaurant said they are the sources of more than 200 credit and debit card numbers stolen recently from Lincoln-area residents. In a news release September 24, Wilderness Ridge golf course and restaurant and Hidden Valley Golf announced they had uncovered a security breach that exposed the card numbers of its recent customers. “All offending systems were immediately shut down,” the release said. It is not clear how far back the breach stretched. The Lincoln police chief said one affected cardholder had not been to either business since March. As of the morning of September 24, police had taken 225 reports of credit and debit card fraud they believe to be connected, an officer said. Police suspect the number of victims to be far greater because some people have chosen to handle the fraud through their banks instead of filing police reports. Source: http://journalstar.com/news/local/crime-and-courts/article_c15fce1e-c84d-11df-a241-001cc4c03286.html

For another story, see item 41 below in the Information Technology Sector

Information Technology

40. September 28, Help Net Security – (International) U.S. leads the way in malware and firewall attacks. The United States has overtaken India and Russia to become the biggest producer of viruses once more, according to Network Box. The United States is now responsible for 12 percent of the world’s viruses, up from 4 percent in August, when the United States trailed both India and Russia. India takes second place with 7.17 percent, after its virus production declined by 6.56 percent. Russia, which was in third place, has dropped to fifth after a fall of 5.53 percent, to be replaced by Korea, which saw an increase in production of 0.27 percent (reaching 6.29 percent of virus production). Viruses produced in the United Kingdom have dropped again (by 0.29 percent). The United Kingdom has now dropped from fourth largest producer in July, to tenth in September. The United States and India still dominate when it comes to spam production, being responsible for 10.79 and 6.88 percent of the world’s spam, respectively. Russia has replaced Brazil as the third largest spam producer, after an increase of 2.53 percent from last month, to 6.04 percent of the world’s spam. The majority of firewall attacks still originate from the United States (18.65 percent) — in fact there was a slight increase of 0.32 percent in September. Source: http://www.net-security.org/malware_news.php?id=1473

41. September 28, SC Magazine UK – (International) Email spam campaigns continue to rise as LinkedIn users targeted. A significant e-mail spam campaign was detected September 27 which targeted the LinkedIn social media community. Targets were e-mailed an alert link with a fictitious social media contact request and after clicking the link, victims were taken to a Web page that said “please waiting ..... 4 seconds,” which redirected them to the Google homepage. According to Cisco, during those four seconds, the victim’s PC was infected with the Zeus data theft malware by a drive-by download. It detected that within a 15-minute interval, these messages accounted for as much as 24 percent of all spam sent. Cisco advised organizations to encourage individuals to delete such requests, especially if they do not know the name of the contact and suggests that the criminals behind this attack are most interested in employees with access to financial systems and online commercial bank accounts. Source: http://www.scmagazineuk.com/email-spam-campaigns-continue-to-rise-as-linkedin-users-targeted/article/179761/

42. September 27, TrendLabs Malware Blog – (International) ZeuS now uses false download URLs. A TrendLabs Malware blogger has recently been seeing ZeuS variants whose default configuration file references a suspicious list of URLs from which it can download backup configuration files. This particular list is from a ZeuS variant detected by Trend Micro as TSPY_ZBOT.BVQ. The list from its configuration file seems longer than most of the typical ZeuS variants and the domain names looked atypical. When checked, all of these URLs are already inaccessible and most of the domains are unregistered. In addition, the list of URLs does not include BLOCKEDikal.com, where its drop zone and updated copy are located. It is typical of ZeuS variants’ drop zones, updated copies, and configuration files to be contained in the same domain. Cybercriminals using ZeuS intentionally did this to prevent security researchers from easily gathering information on their activities. Alternately, these extra URLs can be used as backup update locations, just in case the main location is taken down. Source: http://blog.trendmicro.com/zeus-trojan-now-uses-false-configuration-urls/

43. September 27, The Register – (International) Microsoft to issue emergency patch for ASP.Net vuln. Microsoft was slated to release an emergency patch September 28 that plugs a security hole in a variety of its Web developer tools that has been under active attack for more than 1 week. The vulnerability in ASP.Net applications allows attackers to decrypt password files, cookies, and other sensitive data that is supposed to remain encrypted as they pass from the server to a Web browser. It works by flooding a server with thousands of corrupted Web requests and then analyzing the error messages and other responses that result. The series of responses is known as a “cryptographic padding oracle” that over time delivers information from which an attacker can deduce the secret key used to scramble the communications. The vulnerability was disclosed the week of September 13 at the Ekoparty conference in Argentina. Microsoft soon responded with an advisory that warned that the vulnerability was under “limited attack.” It recommended that users implement several temporary measures to make the exploits harder to carry out. Source: http://www.theregister.co.uk/2010/09/27/asp_dot_net_padding_oracle_fix/

44. September 27, Help Net Security – (International) Google warns Gmail users on spying attempts from China. Recently, a number of users have been witnessing a glaring red banner popping up when they accessed their Gmail account, saying “Warning: We believe your account was recently accessed from: China (IP ADDRESS)”. ThreatPost reports that among the seemingly random victims — gamers, doctors, media consultants — was also a member of Privacy International in the United Kingdom. Even though his Gmail account is wholly unconnected with his work for the human rights organization, he said that it is possible that he was targeted because of an EU-China Human Rights Network seminar during which he discussed freedom of speech issues and differences between the EU and China on that account. All users who have been similarly warned are advised by Google to change their passwords. Technolog asked Google to comment on the occurrence, and they said that the banner is simply part of the security feature introduced in March. Source: http://www.net-security.org/secworld.php?id=9917

45. September 27, Computerworld – (International) Stuxnet worm can re-infect scrubbed PCs. A security researcher September 27 revealed yet another way that the Stuxnet worm spreads, a tactic that can re-infect machines that have already been scrubbed of the malware. Previously, researchers had spotted several propagation methods in Stuxnet that ranged from spreading via infected USB flash drives to migrating between machines using multiple unpatched Windows bugs. The manager of operations on Symantec’s security response team said he had found another way that the worm spreads. According to the manager, Stuxnet also injects a malicious DLL into every Step 7 project on a compromised PC, ensuring that the worm spreads to other, unaffected PCs whenever an infected Step 7 file is opened. Source: http://www.computerworld.com/s/article/9188238/Stuxnet_worm_can_re_infect_scrubbed_PCs

46. September 27, The H Security – (International) Spamhaus launches whitelist. Spamhaus, previously known mainly for its anti-spam blacklists, is launching an online whitelist project. Spamhaus said that checking whitelists as well as blacklists allows users to improve their spam filtering. According to Spamhaus, e-mails originating from whitelisted mail servers can pass unfiltered, while e-mails from blacklisted servers can be blocked as before. As a consequence, fewer e-mails than before need to be processed via more elaborate secondary filters. Reportedly, this reduces processing loads and errors. The Spamhaus whitelist is to include “qualified corporations” such as banks, accounting firms, and airlines as well as medical centers and government agencies. In its announcement, Spamhaus said the mail servers of large telecommunications providers and ISPs, which jointly generate a major proportion of the e-mail traffic worldwide, as well as the senders of solicited bulk e-mails are not eligible for whitelisting. Priority treatment of such senders can be achieved via a separate whitelist that Spamhaus said is in preparation, or via a project with a wider scope such as DNSWL. Source: http://www.h-online.com/security/news/item/Spamhaus-launches-whitelist-1096753.html

Communications Sector

47. September 27, Sikeston Standard Democrat – (Missouri) Signal loss leads to weekend Charter cable and Internet outage. Approximately 13,000 Charter Communications customers in and between Cape Girardeau and Sikeston, Missouri, were affected by disrupted cable television and Internet services September 25. The outage happened just before 1 p.m. when most channels froze or went out completely while Internet services went out. The government relations manager for Charter said the company experienced a signal loss at the interconnect between Fredericktown, Missouri, and Cape Girardeau. Source: http://www.semissourian.com/story/1667874.html

48. September 27, Danbury News-Times – (Connecticut) Metro-North severs telephone line in Branchville. Workers readying the ground for the modernization of the Danbury-to-Norwalk Metro-North train line accidentally severed an AT&T cable near the Branchville station in Ridgefield, Connecticut, September 26, cutting telephone and cable TV service to many in the Georgetown area. A spokeswoman for Metro-North said crews were repairing the damaged line September 27. However, she said the repair involved splicing about 600 wires together. She said crews plowing the ground near the Branchville station cut the line. The crews are doing preliminary work on the $53 million project to modernize the signaling system along the 24-mile railroad line. She said Metro-North had done its due diligence with utilities, including AT&T, to find any cable in the area before it began the work. Source: http://www.newstimes.com/news/article/Metro-North-severs-telephone-line-in-Branchville-676882.php

50. September 27, Agence France-Presse – (International) French police dismantle mobile phone hacking ring. French police busted a network of mobile phone hackers, a fraud worth millions of euros, and arrested nine people, including employees of cellular phone companies, investigators said September 26. Three people were still in custody September 26 following the arrests across the country that came after a year-long investigation into the network, which had been operating for a decade and is the first of its kind in France, according to officials in an investigative unit of the Marseille gendarmerie. Investigators explained that fraudsters purchased codes to unlock SIM cards for $4 each from high-ranking phone company employees, who had access to company databases. The network subsequently sold the codes on the Internet for $40. The money earned from these sales was put into tax-free overseas bank accounts. With the codes, individuals could access any SIM card, even foreign cards, with their mobile phones. The investigation began at the end of 2009 after a complaint at French phone company SFR in the southern city of Marseille about discrepancies in its security system. Two other companies, Bouygues Telecom and Orange, were also affected by the fraud. Source: http://www.google.com/hostednews/afp/article/ALeqM5jsQg3o74Kx_0QvOzWKs0r4Ppz_Vg

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"